From: dwalsh@redhat.com (Daniel J Walsh) Date: Tue, 08 Feb 2011 17:31:35 -0500 Subject: [refpolicy] Devices file differences in Fedora - resend with patch Message-ID: <4D51C447.4010408@redhat.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Add label for /dev/crash printk device does not exist Add labels for /dev/mqueue, /lib/udev/devices/, /sys Fedora has same labels as gentoo, remove ifdef Add interfaces for dev_read_generic_files +dev_read_generic_files(mdadm_t) +dev_read_generic_files(systemd_passwd_agent_t) dev_relabelfrom_generic_chr_files + dev_relabelfrom_generic_chr_files(init_t) - systemd needs this dev_read_generic_chr_files + dev_read_generic_chr_files(init_t) - systemd dev_rw_generic_blk_files + dev_rw_generic_blk_files(mount_t) dev_read_generic_symlinks + dev_read_generic_symlinks(virt_domain) dev_rw_all_inherited_chr_files dev_rw_all_inherited_blk_files + dev_rw_all_inherited_chr_files(sandbox_domain) -- sandbox + dev_rw_all_inherited_blk_files(sandbox_domain) -- sandbox dev_relabel_autofs_dev + dev_relabel_autofs_dev(init_t) - systemd dev_read_crash - No user yet dev_dontaudit_read_kmsg + dev_dontaudit_read_kmsg(initrc_t) dev_associate_sysfs + dev_associate_sysfs(cgroup_t) - cgroups + dev_associate_sysfs($1_image_t) - svirt/libvirt needs this dev_manage_sysfs_dirs - systemd + dev_manage_sysfs_dirs(init_t) dev_write_usbmon_dev + dev_write_usbmon_dev(netutils_t) unconfined domains have to be able to create device_node lnk files. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk1RxEYACgkQrlYvE4MpobMghwCg10TClwqwEXzHQ8CGPxzVA5Fb Qg4AoKYf01Bqb0+80sRaUB/HbR+hJDGj =052B -----END PGP SIGNATURE----- -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: devices.patch Url: http://oss.tresys.com/pipermail/refpolicy/attachments/20110208/98f4fc84/attachment.pl -------------- next part -------------- A non-text attachment was scrubbed... Name: devices.patch.sig Type: application/pgp-signature Size: 72 bytes Desc: not available Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20110208/98f4fc84/attachment.bin